Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Michael Veale @mikarv@someone.elses.computer Profile picture
Michael Veale @mikarv@someone.elses.computer
@mikarv
assoc prof in tech law & vice-dean @UCLLaws, fellow @ivir_uva. not resigned to today's digital power structures (yet). 🦣 https://t.co/pCUFKDvU4O
5 subscribers
Nov 20, 2023 23 tweets 7 min read
How do and should model marketplaces hosting user-uploaded AI systems like @HuggingFace @GitHub & @HelloCivitai moderate models & answer takedown requests? In a new paper, @rgorwa & I provide case studies of tricky AI platform drama & chart a way forward. osf.io/preprints/soca…
Moderating Model Marketplaces: Platform Governance Puzzles for AI Intermediaries. The AI development community is increasingly making use of hosting intermediaries such as Hugging Face that provide easy access to user-uploaded models and training data. These model marketplaces lower technical deployment barriers for hundreds of thousands of users, yet can be used in numerous potentially harmful and illegal ways. In this article, we argue that AI models, which can both `contain' content and be open-ended tools, present one of the trickiest platform governance challenges seen to date. We prov... @huggingface @github @HelloCivitai @rgorwa There are a growing number of model marketplaces (Table). They can be hosting models that can create clear legal liability (e.g. models that can output terrorist manuals or CSAM). They are also hosting AI that may be used harmfully, and some are already trying to moderate this. Image
Aug 19, 2022 4 tweets 2 min read
Int’l students are indeed used to subsidise teaching. High quality undergraduate degrees cost more than £9250 to run (always have in real terms), but were been subsidised by both govs (now rarely) & academic pay cuts. If int’l students capped, what fills the gap @halfon4harlowMP? Tuition fees are a political topic because they’re visible to students, but the real question is ‘how is a degree funded’? The burden continues to shift from taxation into individual student debt, precarious reliance on int’l students, and lecturer pay.
Aug 19, 2022 4 tweets 3 min read
Users of the Instagram app should today send a subject access request email to Meta requesting a copy of all this telemetry ‘tap’ data. It is not provided in the ‘Download Your Information’ tool. Users of other apps in the thread that do this (eg TikTok) can do the same. Form: m.facebook.com/help/contact/5…
Say you are using Art 15 GDPR to access a copy of data from in-app browsers, including all telemetry and click data for all time. Say it is not in ‘Download your Information’. Link to Krause’s post for clarity. Mention your Instagram handle.
Jul 18, 2022 15 tweets 4 min read
The Data Protection and Digital Information Bill contains a lot of changes. Some were previewed in the June consultation response. Others weren't. Some observations: 🧵 Overshadowing everything is an ability for the Secretary of State to amend anything they feel like about the text of the UK GDPR through regulations, circumventing Parliamentary debate. This should not happen in a parliamentary democracy, is an abuse of powers, and must not pass.
Jul 18, 2022 5 tweets 2 min read
No legislation envisaged, just v general "cross-sectoral principles on a non-statutory footing". UK gov continues its trend of shuffling responsibility for developing a regulatory approach onto the regulators themselves, while EU shuffles it onto private standards bodies. Meanwhile, regulators are warned not to actually do anything, and care about unspecified, directionless innovation most of all, as will be clearer this afternoon as the UK's proposed data protection reforms are perhaps published in a Bill.
May 13, 2022 6 tweets 3 min read
By my calculations, @officestudents' "unexpected" first class degrees model they calc grade inflation with uncritically expects a white, non-mature/disabled female law student to have a 40.5% chance of a First; the same Black student to have 15.4% chance. theguardian.com/education/2022… The data is hidden in Table 6 of the annex to the report here officeforstudents.org.uk/publications/a… (requires you to add up the model estimates, do inverse log odds) Image
Apr 19, 2022 18 tweets 7 min read
New, very long GDPR preliminary reference from Austria (LVwG Wien) on meaningful info around logic of automated decisions. Questions not on Curia yet (C-203/22 Dun & Bradstreet) but referring judgment in German here. Simplified translation thread below 🧵
ris.bka.gv.at/Dokument.wxe?R… The case refers to a credit rating agency and creditworthiness, which is clearly the ground on which Art 22 and Art 15(1)(h) jurisprudence will be first developed (see also Schufa Holdings, pending).
Apr 5, 2022 10 tweets 3 min read
Looks like, as expected, the CJEU does not adapt its case law in reaction to the Graham Dwyer data retention case. Passes it back to lreland to domestically sort out relying on retained telecoms data that may not have had a legal basis. Further reinforces that if you are going to order a targeted retention of data, it has to be done by an independent body, not by a public prosecutor (HK v Prokuratuur) or an independent-ish wing of the actual police (this case, presumably the the Gardaí Telecoms Liason Unit).
Feb 8, 2022 10 tweets 5 min read
The French presidency of the Council sent a compromise text on arts 16-29 of the EU AI Act, leaked to @Contexte. My analysis below: Thread 1/ To get caught up, previous thread on Council changes tranche 1:
Feb 8, 2022 4 tweets 3 min read
Finally! @FD_Nieuws reports the Dutch DPA is telling all actors in NL to stop profiling users w/ real-time bidding & associated tracking architectures, after the Belgian DPA's ruling on structural inadequacies of the IAB Europe's 'cookie banner' fix, TCF. fd.nl/tech-en-innova… They are not currently announcing an enforcement plan relating to publishers.
Feb 7, 2022 4 tweets 2 min read
Scholars! Your regular reminder not to use Mendeley to manage refs; this Elsevier product force encrypts your local database (lying that it’s for GDPR) so you can’t migrate to eg Zotero, leaving the only export via an online API they can kill whenever. zotero.org/support/kb/men… as the @zotero team notes, “Elsevier later stated that the change was required by new European privacy regulations — a bizarre claim, given that those regulations are designed to give people control over their data and guarantee data portability, not the opposite”.
Feb 4, 2022 13 tweets 5 min read
Significant news for the AI Act from the Commission as it proposes its new Standardisation Strategy, involving amending the 2012 Regulation. Remember: private bodies making standards (CEN/CENELEC/ETSI) are the key entities in the AI Act that determine the final rules. 🧵 Firstly, the Commission acknowledges that standards are increasingly touching not on technical issues but on European fundamental rights (although doesn’t highlight the AI Act here). This has long been an elephant in the room: accused private delegation of rule making by the EC.
Feb 1, 2022 11 tweets 4 min read
Very detailed and wide-ranging decision of the Belgian DPA regarding cookie tracking in relation to (from inference, it's badly anonymised...) the @EDAATweets, the service that runes Your Online Choices (ht @PrivacyMatters) autoriteprotectiondonnees.be/publications/d… Admittedly, the Chamber at the end says it wasn't really trying to anonymise. Image
Jan 21, 2022 21 tweets 7 min read
The French presidency of the Council send around a compromise text last week on arts 8-15 of the EU AI Act (some of the requirements for high risk systems). My analysis of them below: 🧵 1/ Remember that the AI Act hinges on proprietary, privately determined standards from CEN/CENELEC. The Commission always holds these are optional, but the proposal goes (further) in making it impossible to comply without buying them (~100 EUR) and referring to them. Image
Dec 13, 2021 5 tweets 3 min read
I hadn't quite appreciated how much the October CJEU referral on Article 22 GDPR in C-634/21 SCHUFA Holdings has to grapple w the tough Qs @RDBinns and I asked in our recent IDPL paper, on where in a multi-actor profiling pipeline a 'decision' happens. curia.europa.eu/juris/showPdf.… Image In particular, in the SCHUFA case, the referring court (Wiesbaden Admin Court) struggles with reconciling the idea that the score is just information with the fact it is relied upon by downstream actors. Image
Nov 30, 2021 16 tweets 6 min read
B3. The proposal does little to stop the huge pre-emption of any national rules on use of AI, besides the reduction in scope of the AI definition which reduces the pre-empted scope slightly because not absolutely everything can be claimed to be ‘use of software’. B4. A huge removal of a high risk system is to remove systems modelling and searching through giant crime databases. Likely because unlike many Annex III technologies, these are commonly used in MSs… In theory EC could propose its return one day but wouldn’t hold breath.
Nov 30, 2021 9 tweets 4 min read
The Council presidency compromise text on the draft EU AI Act has some improvements, some big steps back, ignores some huge residual problems and gives a *giant* handout to Google, Amazon, IBM, Microsoft and similar. Thread follows. 🧵 The Good:
Jul 6, 2021 44 tweets 18 min read
New 📰: There's more to the EU AI regulation than meets the eye: big loopholes, private rulemaking, powerful deregulatory effects. Analysis needs connection to broad—sometimes pretty arcane—EU law

@fborgesius & I have done it so you don't have to: long 🧵
osf.io/preprints/soca… Demystifying the Draft EU Artificial Intelligence Act In Apr The Act (new trendy EU name for a Regulation) is structured by risk: from prohibitions to 'high risk' systems to 'transparency risks'. So far so good. Let's look at the prohibitions first.
Jun 1, 2021 10 tweets 5 min read
Concerned with platforms' power to map & reconfigure the world w/ ambient sensing? I'm *hiring* a 2-year Research Fellow (postdoc) @UCLLaws. Think regulating Apple AirTags (UWB); Amazon Sidewalk (LoRa), and—yes—Bluetooth contact tracing. (please RT!) 1/ atsv7.wcn.co.uk/search_engine/… ImageImage You'll join a deeply interdisciplinary team of critical privacy engineers (@carmelatroncoso @sedyst); sensor experts (@SrdjanCapkun); epidemiologists and medical devices experts (@marcelsalathe @klausscho); and systems and security whizzes (@gannimo @JamesLarus @ebugnion) 2/
May 27, 2021 8 tweets 4 min read
Hey Microsoft Research people who think that constant facial emotion analysis might not be a great thing (among others), what do you think of this proposed Teams feature published at CHI to spotlight videos of audience members with high affective ‘scores’? microsoft.com/en-us/research… Requires constantly pouring all face data on Teams through Azure APIs. Especially identifies head gestures and confusion to pull audience members out to the front, just in case you weren’t policing your face enough during meetings already.
May 26, 2021 15 tweets 4 min read
Big UK GDPR case: Court of Appeal rules in favour of the @OpenRightsGroup @the3million: Immigration Exemption to SARs is incompatible with Art 23 GDPR. This is a new exemption from 2018 the Home Office uses to withhold data rights info in 59% of cases. bailii.org/ew/cases/EWCA/… Warby LJ is sympathetic to CJEU jurisprudence that 'the legal basis which permits the interference with those rights must itself define the scope of the limitation', noting that the Immigration E is highly discretionary, and the DPA18 does not contain limits on its scope.